Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Ideas

What features would you like to see?

All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Manager Intune, though we can’t promise to reply to all posts.

Standard Disclaimer – our lawyers made us put this here ;-) We have partnered with UserVoice, a third-party service, so you can give us feedback. Please note that the Intune feedback site is moderated and is a voluntary participation-based project. Please send only feature suggestions and ideas to improve Intune. Do not send any novel or patentable ideas, copyrighted materials, samples or demos. Your use of the portal and your submission is subject to the UserVoice Terms of Service & Privacy Policy, including the license terms.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Intune RBAC table (or similar) to docs

    I can't find detailed information in regards of each permission in Intune. The "Intune RBAC table"-document is out of date, but similar information such as that is what I'm looking for to have in the Intune Docs.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Documentation  ·  Flag idea as inappropriate…  ·  Admin →
  2. Dynamics 365 Remote Assist in App Protection

    Dynamics 365 Remote Assist should be available in App Protection policies just as MS Teams and other Microsoft applications

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  App protection policies (APP/MAM)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add support to retrieve ICCID for Android Enterprise Fully Managed and Dedicated devices

    Intune does not retrieve the ICCID for Android Enterprise Fully Managed or Dedicated devices. Currently this is by design. Please add this Support as I'm sure sure it's an important feature to many customers and also it is a Basic functionality in a modern MDM system.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Android-specfiic  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add option to disable shift+F10 in autopilot profile

    Add option to disable shift+F10 in autopilot profile. So you have the option to leave it on while troubleshooting testing scenario's and are experimenting. But that it is not available in production setup.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to Set / Deploy HKLM & HKCU Registry keys

    Similar to how it's done in GPP, Having the ability to deploy / set HKCU & HKLM registry keys against Win10 devices would be extremely helpful.

    Currently to do this we need to use a custom powershell script for anything not ADMX based which in my example is setting a application licensing server for the user based on a dynamic group (location).

    401 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
  6. Expose compliance state to local processes

    I'd like to be able to 'detect' if a device is compliance or not from local processes such as PowerShell scripts. I'm currently using this method to locally detect if a device is compliant or not but this is a bit 'hacky' and doesn't seem future proof.

    https://www.lieben.nu/liebensraum/2020/01/ps-oneliner-to-get-local-device-compliance-state/

    Please expose compliance state through the registry, a local API call or WMI.

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Compliance Policies  ·  Flag idea as inappropriate…  ·  Admin →
  7. Let us see the script contents

    Please let us see the contents of Powershell script we upload into the Powershell scripts module. It's very hard to sometimes see what you uploaded a few months ago.

    We can do this with the start menu xml file in device configuration, so it would be nice to see this feature with powershell aswell.

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Scripting-Graph/PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  8. Single App Mode for fully managed enrolled devices

    We would need the possibility to assign one app as a single app mode on a personalised fully managed enrolled device which restricts the app to be locked on the screen when it is opened, so you can't exit the App without a passcode.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Microsoft Translator with Intune SDK for App Protection Policies IOS

    It would be nice if the microsoft translator app could apply app protection policies. Currently it is not possible to translate a mail via a translater app, because we prevent that company data is shared with unmanaged apps. As we have subsidiaries in many different countries, this would help our mobile communication a lot.

    35 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Exchange on-prem connector: Delete EAS device after/with a device retire action

    Intune enrolled devices which are syncing with an on-prem Exchange mailbox are displayed as "Managed by EAS/MDM" in the Intune portal. A retire action with Intune deletes the MDM device but leaves the EAS devices remaining. This uservoice proposes that the EAS device will also be removed from the Exchange organization during the retire action.

    65 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Inventory (all platforms)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add uninstalled apps to the dependencies OR queu app installs

    I will explain the issue we had.

    We packaged an application with config A. Once this was rolled out, we noticed a problem with the configuration.
    We packaged the application again, now with config B. We noticed that config changes where not being overwritten.

    Now the idea we had was, to uninstall the first app with config A then followed by the new installation of the app with config B.

    During this process we found out that within dependencies we were not able to select an uninstalled app (being App with config A) as dependency for the installation of the…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Apps config and deployment  ·  Flag idea as inappropriate…  ·  Admin →
  12. Android Enterprise Fully Managed Device and PKCS Certificates

    Our organization doesn't allow using of SCEP certificate deployment for WiFi and VPN authentication. For standard Android devices PKCS (PFX) and SCEP deployment are as option.
    Are there any near plans for PKCS support for Android Enterprise Fully Managed devices?

    28 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Certs, Email , VPN, Wi-Fi  ·  Flag idea as inappropriate…  ·  Admin →
  13. Native support for Desktop Analytics for AAD Joined and Hybrid AAD Joined MDM Only managed devices

    There should be Native enrollment for Intune enrolled devices similar to ATP onboarding. Either a Device configuration profile, which includes CommercialID, AllowTelelmetry(with LimitEnhancedDiagnosticsDataWindowsAnalytics), and AllowDeviceNameInTelemetry. Or at least an article to onboard using a PowerShell script which can be deployed via Intune.

    Currently even if devices are manually configured with these settings they will not appear in Desktop Analytics without an SCCM collection association.

    This and similar analytics for Office 365 clients are big ticket missing items for the successful management of the Modern MDM managed devices, and the Windows/Office as a service platform.

    117 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow Office365 Apps to be managed individually for Conditional Access

    While you can allow for different conditional access policies for Teams, you cannot do the same for Outlook, OneDrive, Sharepoint, etc., without it affecting Teams as well because the Office 365 Cloud app encompasses Teams as well.

    For Example: this would allow users who haven't enrolled their devices yet to still use Teams, but not allow them to use Outlook, OneDrive, etc. until they enroll, when configured to do so.

    You can currently achieve this on Android devices, but iOS devices seem to have an issue where this is not allowed given the current Cloud App settings. In a controlled…

    30 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow User Name in Device Name Template

    Under an enrollment profile, you can set a device name template to rename all devices being added. I'd like to have the option of adding a username in the front of the device type. This way, instead of seeing "iPhone" in my device list, I'll be able to see something like "JSmith iPhone"

    112 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Store Bitlocker recovery key for removable device in AAD

    Ability to save Bitlocker recovery key for removable devices to AAD. Today it is only possible to print or save the key locally.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Bitlocker Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Dynamic Device group based on installed application

    We have a situation where we allow users to install apps from the appstore on their corporate device but a situation came up where a lot of heavy data usage apps are causing large bills.

    We want the option to be able to deploy app restriction policies and take control of an unmanaged app without having to deploy it to all users.

    Being able to make a dynamic device group based on a specific discovered app would allow us to target only those with the application installed for the restriction policy rather than having to deploy the app to everyone…

    31 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Mobile Device Management (general)  ·  Flag idea as inappropriate…  ·  Admin →
  18. Applying WDAC (Windows Defender Application Control) policy should not force reboot after 10 minutes

    If one have a configuration profile that actives WDAC (Windows Defender Application Control) on Windows 10, it will break the Enrollment Status Page flow during the AutoPilot process, forcing a reboot after 10 minutes before everything has been applied, leaving it in a state which is far from optimal, and impacting the user experience in a really bad way.

    The AutoPilot process must deal with this type of forced reboot, especially since the usage of WDAC is increaing across organizations.

    116 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Autopilot/Windows enrollment  ·  Flag idea as inappropriate…  ·  Admin →
  19. Bug where Web clips are duplicated & Orphaned on the iOS device

    In some circumstances,
    When you deploy a web clip to multiple groups where the user may be in more then one of the groups. The web clip is installed on the device multiple times, once correctly, then other usually without the image.

    These multiple web clips can not be deleted from the device, and if you set the web clip to uninstall, most of the icons remain on the device.

    The icons end up orphaned on the device and the only way to clean them is to either Un-enrol the device or erase the device.

    We should be able to…

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  iOS-specific  ·  Flag idea as inappropriate…  ·  Admin →
  20. Microsoft Intune Devices dashboard do not display correct number of devices.

    The devices numbers on the Dashboard do not match with the devices numbers in the All devices list. When talked to engineers they confirmed that this issue is already reported to them. Please fix this issue as soon as possible.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base